advice for an acquaintance

Started by Erilar <drache@chibardun.netinvalid>
First post 2011-04-15 14:47 +0000
Last post 2011-04-20 20:50 +0000
Articles 20 on this page of 95 — 24 participants


#1342

From Erilar <drache@chibardun.netinvalid>
Date 2011-04-16 13:04 +0000
Message-ID <ioc446$ikk$1@dont-email.me>
In reply to #1337

Jamie Kahn Genet <jamiekg@wizardling.geek.nz> wrote:
> Erilar <drache@chibardun.netinvalid> wrote:
> 
>> I just saved this by e-mailing it to myself 8-)  
  Again
> 
> Of course another option is a dirt cheap Netbook, only running a Linux
> OS like Xubuntu  <http://www.xubuntu.org/>. She can use the included
> browser (Firefox), Email client (Thunderbird - unless she prefers or is
> only used to webmail), word processor (Abiword), etc.
    If I can get her to take that first step, this MIGHT be doable, as she
has so little online experience that at least she's not M$-addicted 8-)
> 
> Running minority apps on a minority OS that are rarely ever targeted
> by hackers, will help a lot to make her secure (same goes for OSX, only
> a Mac is obviously far more expensive). In addition she probably won't
> know enough to get under the Linux hood and get into trouble, which by
> the sound of things is not a bad thing :-) She won't need any security
> software in Linux either. As with OSX, there are virtually no viruses in
> the wild likely to affect a user such as your friend.
> 
> Once she has the above she needs to use strong passwords that are unique
> to each important service (e.g. online banking, email, any website that
> allows one-click purchasing like Amazon, etc); a generic but still
> complex password for stuff she'd like kept private, but it wouldn't be a
> huge disaster to have compromised (e.g. a flickr account); and a generic
> easy to remember password for everything else (e.g. a mailing list
> signup, or anything else she wouldn't lose any sleep over being
> compromised).

  I can't see her ever becoming an Amazon customer 8-). Web surfing,
perhaps.
 
> Finally she needs to understand that she should NEVER login to any
> service on a strange, friend's, or public computer. I wouldn't even
> trust most workplace computers, especially if IT is anything less than
> conscientious.

If she gets one of her own, her native paranoia should protect her there.
> 
> The password issue is likely to be the most difficult one for
> a beginner-level user, and you might need to assist her with a password
> scheme. Totally random and unique for everything is best, but it's also
> sure to fail for anyone without a perfect memory, let alone a
> computer-illiterate user!
> 
> One scheme I like is making strong, yet easy to recall passwords out of
> varying combinations of made up words, numbers and punctuation, e.g.
> cAStah45?Noon; - it's not totally random, it includes numbers, symbols
> and capitalisation (immediately making it stronger than 99% of the
> passwords out there, heh), and there's a pattern to the capitalisation -
> as capitalisation within passwords is often particularly hard to recall
> (can you see the pattern? ;-) Hint: it treats numbers and symbols as
> letters and determines case based on symbol height).
> 
> Set your friend up with passwords based on something like my suggestion,
> have her write them down (more bad practice, but WTF - in for a penny,
> in for a pound!) and store them in a secure place - e.g. a locked
> drawer, safe, etc.
>
    I think that would work for her.  
 
> Passwords can be painful for the computer-illiterate, but web browsers
> like Firefox include password remembering and even sync between
> computers, reducing the need for your friend to remember a bunch of
> different website passwords when she's at her own computer. So long as
> she can remember just one master password for Firefox, she's covered for
> all websites (but she should still write down new passwords and store
> them in a secure location).
> 
> If she's still worried about security, have her (or more likely you)
> disable automatic login to her OS user account, and require her web
> browser and email client to ask for a master password before access to
> saved passwords for websites and email servers is allowed. Then if her
> laptop is ever stolen or used without her knowledge it will be much
> harder for the criminal to gain access to her sensitive information and
> services.
> Also set up a screensaver that turns on after a few minutes inactivity,
> and requires a password to wake. Likewise waking from sleep should also
> require a password.
> If she's in a place with other people she should also get in the habit
> of activating her screensaver/sleeping/logging out of her user account
> (depending on how long she'll be gone) when she steps away from her
> computer.
> Finally if anyone else ever uses her computer, only allow guest-level
> access from a _separate_ throwaway user account.
> 
> Now that might be getting a bit too paranoid if she's at home alone, but
> it's a good idea out and about.

  She's worried about the cost of internet access, but there are a couple
places she might be comfortable where she could get it.  For a 20-mile
round trip, she could use mine which I can't access in my own front yard
because of the way the house is built 8-)
> 
> Anyway - I hope that is of some help, and do consider a cheap
> netbook running Linux! Windows is far from the only choice and is a
> terrible one for the computer-illiterate user worried about security.
> Think of Linux distros like the excellent Xubuntu as a poor man's OSX so
> far as freedom from Windows-type security issues goes :-)

     This sounds like something I could set up for her.
> 
> Oh, and I also wouldn't put too much stock in some people's fear on
> online banking and online shopping. Follow the above, use a credit card
> that covers liability from fraud (VISA in NZ for example only makes you
> liable for the first NZD$50 of a fraudulent transaction so long as you
> report it promptly, and even that will often be waived) and only do
> business with reputable companies, and you'll be fine :-) I've been
> online banking and shopping online for over ten years, and have yet to
> be hacked or defrauded.

I shop on line and have never had a problem.  I happen to like a bank I can
walk into and pick up a roll of quarters for the laundromat while I'm doing
other things there. Besides, they pay some of my bills for me so I save
bother and postage 8-)



-- 
Erilar, biblioholic medievalist with iPad



#1343

From jamiekg@wizardling.geek.nz (Jamie Kahn Genet)
Date 2011-04-17 03:00 +1200
Message-ID <1jzukd0.1pqaebd1exqm2oN%jamiekg@wizardling.geek.nz>
In reply to #1342

Erilar <drache@chibardun.netinvalid> wrote:

> Jamie Kahn Genet <jamiekg@wizardling.geek.nz> wrote:
> > Erilar <drache@chibardun.netinvalid> wrote:
> > 
> >> I just saved this by e-mailing it to myself 8-)  
>   Again
> > 
> > Of course another option is a dirt cheap Netbook, only running a Linux
> > OS like Xubuntu  <http://www.xubuntu.org/>.

Oh, and another thing about the free open source OS Xubuntu - it's dead
easy to install 99% of the time (the other 1% is usually driver issues
because the hardware isn't supported - this can be avoided by _first_
checking the distro's support, FAQs, forums, etc - from my own perusal I
see almost all popular netbooks are well supported by Xubuntu/Ubuntu,
but do check once you've narrowed down which Netbooks your friend
likes).

You can easily download a disc image and make a Xubuntu install CD from
your Mac, or even order a free CD <http://www.xubuntu.org/getubuntu>
(scroll a little way down that link) that'll be shipped to you at no
cost :-) Even cooler is your friend can use the Live CD feature to boot
Xubuntu from that disc without installing anything, or writing to the
HD. That way she can test out Xubuntu and its included apps to see if
she likes it, without committing to anything.

Last thing - the reason (in case you wondered) why I suggest Xubuntu and
not its parent Ubuntu, is Xubuntu is specifically designed to run on
slower machines - netbooks, outdated desktops, etc. It's the perfect
choice for the cheap and often underpowered netbook and older PC or Mac
- it will run fast on limited hardware, and is great for breathing new
life into outdated machines. Plus unlike an old version of MacOS or
Windows, Xubuntu comes with the latest software and is well maintained.
Provided you or another local geeky sort can get over to your friend's
place once or twice a year, it will stay that way :-)

-- 
If you're not part of the solution, you're part of the precipitate.



#1346

From erilar <drache@chibardun.net.invalid>
Date 2011-04-16 10:55 -0500
Message-ID <drache-CA3874.10552516042011@news.eternal-september.org>
In reply to #1343

In article <1jzukd0.1pqaebd1exqm2oN%jamiekg@wizardling.geek.nz>,
 jamiekg@wizardling.geek.nz (Jamie Kahn Genet) wrote:

> Last thing - the reason (in case you wondered) why I suggest Xubuntu and
> not its parent Ubuntu, is Xubuntu is specifically designed to run on
> slower machines - netbooks, outdated desktops, etc. It's the perfect
> choice for the cheap and often underpowered netbook and older PC or Mac
> - it will run fast on limited hardware, and is great for breathing new
> life into outdated machines. Plus unlike an old version of MacOS or
> Windows, Xubuntu comes with the latest software and is well maintained.
> Provided you or another local geeky sort can get over to your friend's
> place once or twice a year, it will stay that way :-)

 Back on my laptop, where I can multitask 8-)   It sounds like a nice 
safe alternative for someone like her.  The thought of her dealing with 
virus protection is horrifying!   My youngest sister gets into enough 
trouble, but she has two computer literate grown children and a sister 
who speak M$, so I don't have to. Thanks very much!  Now, if I can only 
get her to agree. . .

-- 
Erilar, biblioholic medievalist


http://www.mosaictelecom.com/~erilarlo



#1356

From Lewis <g.kreme@gmail.com>
Date 2011-04-16 20:25 +0000
Message-ID <1412455015324676617.111889g.kreme-gmail.com@news.eternal-september.org>
In reply to #1337

Jamie Kahn Genet <jamiekg@wizardling.geek.nz> wrote:

> Totally random and unique for everything is best, but it's also
> sure to fail for anyone without a perfect memory, let alone a
> computer-illiterate user!

A password manager makes this trivial. Random unique passwords for
everything, and you don't have to remember them at all.

Surely something similar to 1Password exists for Linux?

-- 
this is not a signture



#1361

From dorayme <dorayme@optusnet.com.au>
Date 2011-04-17 07:51 +1000
Message-ID <dorayme-B412AC.07505817042011@news.albasani.net>
In reply to #1337

In article <1jzu9rv.1ur1ebt1luo1eiN%jamiekg@wizardling.geek.nz>,
 jamiekg@wizardling.geek.nz (Jamie Kahn Genet) wrote:

> cAStah45?Noon; - it's not totally random, ... there's a pattern ...
> ...  Hint: it treats numbers and symbols as
> letters and determines case based on symbol height).

No matter what string, there's a pattern that can be supposed. 
The idea, which you have though, is correct, just don't have a 
pattern that anyone can guess.

-- 
dorayme



#1398

From jamiekg@wizardling.geek.nz (Jamie Kahn Genet)
Date 2011-04-18 07:50 +1200
Message-ID <1jzwshs.1izz7et2qy8zmN%jamiekg@wizardling.geek.nz>
In reply to #1361

dorayme <dorayme@optusnet.com.au> wrote:

> In article <1jzu9rv.1ur1ebt1luo1eiN%jamiekg@wizardling.geek.nz>,
>  jamiekg@wizardling.geek.nz (Jamie Kahn Genet) wrote:
> 
> > cAStah45?Noon; - it's not totally random, ... there's a pattern ...
> > ...  Hint: it treats numbers and symbols as
> > letters and determines case based on symbol height).
> 
> No matter what string, there's a pattern that can be supposed. 
> The idea, which you have though, is correct, just don't have a 
> pattern that anyone can guess.

The pattern of capitalisation is only to aid the user's memory, as
capitalisation within a password is often the hardest part to recall.
Were someone to try cracking such a password with brute force, it is
conceivable they might first try such patterns (and perhaps they might
even try guessing a half-height symbol is considered lowercase and vice
versa in such a pattern), even logical guesses on letters commonly used
together based on the language of the user... perhaps even guessing
which numbers might be used together based on statistical likelihoods
involving human psychology and placement and order of numbers (e.g. the
series 123 is unlikely if we assume a smart user, then again 123 might
be likely if as I sometimes suspect many users are not so smart...).

Now conceivably if they did all the above and more I've not gone into,
they might shave some time off a pure brute force attack. But IME brute
force attacks are rarely so complex, and they often still have to deal
with the authentication system allowing a limited number of guesses in a
given time frame, to say the least.

Thus a password containing limited randomness and reasonably non-obvious
(to a simple script anyway) patterns for the rest is 'good enough' for
anyone but the NSA ;-)
If the goal is to allow a mere mortal to remember a password, you just
want it to be hard to guess (no real words, no simple number strings
like 123, no details pertaining to the life of the user or their general
knowledge, inclusion of some numbers, symbols and capitalisation, of a
decent length). Not impossible.

Totally random passwords only work IME if you only ever have to recall
one or two, enter them often (so one doesn't forget), have an
exceptional memory, or use them within an encrypted database such as
1Password or certain web browser password memories. However the latter
still requires you to remember one master password, and if that's weak
or worse - impossible to remember, you're wasting your time making the
rest totally random.
-- 
If you're not part of the solution, you're part of the precipitate.



#1404

From dorayme <dorayme@optusnet.com.au>
Date 2011-04-18 09:41 +1000
Message-ID <dorayme-9ACBF1.09415318042011@news.albasani.net>
In reply to #1398

In article <1jzwshs.1izz7et2qy8zmN%jamiekg@wizardling.geek.nz>,
 jamiekg@wizardling.geek.nz (Jamie Kahn Genet) wrote:

> dorayme <dorayme@optusnet.com.au> wrote:
> 
> > In article <1jzu9rv.1ur1ebt1luo1eiN%jamiekg@wizardling.geek.nz>,
> >  jamiekg@wizardling.geek.nz (Jamie Kahn Genet) wrote:
> > 
> > > cAStah45?Noon; - it's not totally random, ... there's a pattern ...
> > > ...  Hint: it treats numbers and symbols as
> > > letters and determines case based on symbol height).
> > 
> > No matter what string, there's a pattern that can be supposed. 
> > The idea, which you have though, is correct, just don't have a 
> > pattern that anyone can guess.
> 
> The pattern of capitalisation is only to aid the user's memory

Fair enough.

Pictures are easy for humans to remember. Perhaps we could have a 
picture (not of ourselves or of Madonna!) that is entered as a 
password. The chances of someone else guessing the right picture 
would be too remote for words... I mean pixels...

The idea is that you register a picture as you would an alpha 
numeric string and the checker on the server compares it to the 
one submitted each time. It must be a severish exact match, pixel 
for pixel in number and colour value, but not particularly (or 
even) in name. This would give impossible hurdles for hackers who 
cannot get hold of the actual picture. 

Now, how to store a picture? Well, here is a boring but effective 
option: you have it on your keyring usb stick. Loose among 
thousands of other pics, all you need to remember is the name or 
simply recognise the preview (in View as Icons). Or, simply a 
conventional strong alpha numeric password to a folder in which 
it resides. The idea is that this is just protection against the 
unlikely possibility of someone who gets to be connected to a 
hacker gaining access to your pocket.

Less boring is an easy to use facility to make a picture on the 
spot. Simple tools to draw in a unique pattern you create as 
yours. This might suit many of us and have the advantage of there 
not being any actual picture anywhere (outside brains) that could 
be stolen.

-- 
dorayme
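
The register-and-compare check proposed in the post above, sketched as an added example (not code from any poster or product). It assumes the picture arrives as raw RGB bytes plus dimensions; the function names, the PBKDF2 work factor and the constructed 4x4 sample image are all hypothetical. The server keeps only a salt and a digest, so the picture itself is never stored.

```python
import hashlib
import hmac
import os
import struct

PBKDF2_ROUNDS = 200_000  # assumption: work factor picked for this sketch


def canonical_pixels(width, height, rgb):
    """Serialise an image as its dimensions plus raw RGB bytes.

    File name and metadata are deliberately left out, so only pixel count
    and colour values decide the match.
    """
    if len(rgb) != width * height * 3:
        raise ValueError("pixel data does not match dimensions")
    return struct.pack(">II", width, height) + bytes(rgb)


def register_picture(width, height, rgb):
    """Return the (salt, digest) record the server stores instead of the picture."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", canonical_pixels(width, height, rgb), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def check_picture(record, width, height, rgb):
    """Compare a submitted picture against the stored record, pixel for pixel."""
    salt, stored = record
    try:
        data = canonical_pixels(width, height, rgb)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)
    # Constant-time comparison of the two digests.
    return hmac.compare_digest(stored, candidate)


def sample_image():
    """Constructed 4x4 gradient used as test input; not a real photo."""
    width, height = 4, 4
    pixels = bytearray()
    for y in range(height):
        for x in range(width):
            pixels += bytes((x * 60, y * 60, (x + y) * 30))
    return width, height, pixels


if __name__ == "__main__":
    w, h, px = sample_image()
    record = register_picture(w, h, px)
    print("same picture:", check_picture(record, w, h, px))
    altered = bytearray(px)
    altered[0] ^= 1  # change one colour channel of one pixel by one step
    print("one pixel changed:", check_picture(record, w, h, altered))
```

Because the match is on exact pixel values, a copy that has been resized or resaved in a lossy format no longer verifies.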



#1410

From Lewis <g.kreme@gmail.com>
Date 2011-04-18 00:35 +0000
Message-ID <1105757208324778877.124668g.kreme-gmail.com@news.eternal-september.org>
In reply to #1398

Jamie Kahn Genet <jamiekg@wizardling.geek.nz> wrote:
> Totally random passwords only work IME if you only ever have to recall
> one or two, enter them often (so one doesn't forget), have an
> exceptional memory, or use them within an encrypted database such as
> 1Password or certain web browser password memories. However the latter
> still requires you to remember one master password, and if that's weak
> or worse - impossible to remember, you're wasting your time making the
> rest totally random.

My password for 1password is a simple string of unrelated words with some
extra characters thrown in.  Since I keep this password written down
somewhere my wife can find it if I get hit by a bus, I don't change it
often.

My previous password, in use until about a year ago, was
byte411masonTophaT, which I still sometimes type in first thing in the
morning.

I have four passwords I have to remember.

1. Login password (totally random, 8-10 characters)
2. Keychain password (like the login password, but memorable)
3. 1Password password (15-20 characters)
4. World of Warcraft password.

*everything else* is in 1Password

-- 
this is not a signture



#1317

From "John Varela" <newlamps@verizon.net>
Date 2011-04-15 22:07 +0000
Message-ID <51W5y0sPNk52-pn2-pcdmdFRgwdJ2@localhost>
In reply to #1301

On Fri, 15 Apr 2011 20:05:27 UTC, nospam <nospam@nospam.invalid> 
wrote:

> banks are incredibly anal about security,
> timing out connections, asking the useless security questions, etc.

I have from time to time bought U.S. Treasury bills through their 
web site, Treasury Direct. A few years ago they came up with a new 
version of Treasury Direct and renamed the old version Legacy 
Treasury Direct. I have continued to use Legacy Treasury Direct, but
now they are phasing out Legacy Treasury Direct and I have been 
forced to get an account with Treasury Direct.

Entrance to Legacy Treasury Direct was straightforward: email 
address plus password.

Entrance to Treasury Direct is beyond anal. Logging on requires use 
of an assigned account number plus a password that must contain a 
special character (#$%& etc.). OK so far, but next comes the piece 
de resistance: They have sent me a plastic wallet-size card that is 
linked to my account. This card has an array of ten columns labeled 
A through J and five rows labeled 1 through 5. In each of the fifty 
cells is a letter or digit. After UID and password, the site demands
entry of the contents of three cells, such as F2, C4, and I3. The 
three cells will be different at each login, of course.

The first problem is, where am I going to keep this stupid card? And
the second question is, since I only log onto this web site once or 
twice a year, after I save the card somewhere, how will I remember 
where it is?

Let's hope this practice with the cards doesn't become general. The 
card itself has NO identifying label except a serial number and 
accompanying bar code. If I had a half-dozen of these, how would I 
know which was which?

-- 
John Varela
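
The card login described in the post above, sketched from the server's side as an added example (not Treasury Direct's code and not from any poster). The ten-column, five-row layout and the three-cell challenge come from the post; the cell alphabet (A-Z and 0-9), the three-failure lockout and all class and function names are assumptions.

```python
import hmac
import secrets
import string

COLUMNS = "ABCDEFGHIJ"   # ten columns, as on the card in the post
ROWS = "12345"           # five rows
SYMBOLS = string.ascii_uppercase + string.digits  # assumption: cell alphabet
CELLS_PER_CHALLENGE = 3
MAX_FAILURES = 3         # assumption: lockout threshold


def new_card():
    """Return a dict mapping cell labels such as 'F2' to one random symbol."""
    return {c + r: secrets.choice(SYMBOLS) for r in ROWS for c in COLUMNS}


def blind_guess_probability():
    """Chance that one guess at a three-cell challenge is right without the card."""
    return 1 / len(SYMBOLS) ** CELLS_PER_CHALLENGE


class GridCardVerifier:
    """Server side: holds the card contents, tracks challenges and failures."""

    def __init__(self, card):
        self._card = dict(card)
        self._pending = None   # cells of the outstanding challenge, if any
        self.failures = 0

    @property
    def locked(self):
        return self.failures >= MAX_FAILURES

    def issue_challenge(self):
        """Pick three distinct cells; they differ from login to login."""
        if self.locked:
            raise PermissionError("account locked")
        rng = secrets.SystemRandom()
        self._pending = rng.sample(sorted(self._card), CELLS_PER_CHALLENGE)
        return list(self._pending)

    def verify(self, answers):
        """Check the symbols given for the outstanding challenge, in order.

        A challenge is consumed by the first attempt, right or wrong, so an
        answer cannot be replayed and a wrong guess cannot be retried.
        """
        if self.locked or self._pending is None:
            return False
        cells, self._pending = self._pending, None
        expected = "".join(self._card[c] for c in cells)
        supplied = "".join(a.strip().upper() for a in answers)
        ok = hmac.compare_digest(expected.encode(), supplied.encode())
        self.failures = 0 if ok else self.failures + 1
        return ok


if __name__ == "__main__":
    card = new_card()            # constructed sample card
    server = GridCardVerifier(card)
    cells = server.issue_challenge()
    print("challenge:", cells)
    print("accepted:", server.verify([card[c] for c in cells]))
    print("odds of a blind guess:", blind_guess_probability())
```

With 36 possible symbols per cell a three-cell answer has only 46,656 possibilities, which is why the sketch consumes each challenge on first use and locks after repeated failures.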



#1319

From BreadWithSpam@fractious.net
Date 2011-04-15 19:23 -0400
Message-ID <yobr593qeu0.fsf@panix2.panix.com>
In reply to #1317

"John Varela" <newlamps@verizon.net> writes:

> Entrance to Treasury Direct is beyond anal. Logging on requires use 
> of an assigned account number plus a password that must contain a 
> special character (#$%& etc.). OK so far, but next comes the piece 

1Password.  (Or similar password management software).

> de resistance: They have sent me a plastic wallet-size card that is 
> linked to my account. This card has an array of ten columns labeled 
> A through J and five rows labeled 1 through 5. In each of the fifty 

> The first problem is, where am I going to keep this stupid card? And
> the second question is, since I only log onto this web site once or 
> twice a year, after I save the card somewhere, how will I remember 
> where it is?

Scan it in.  Actually, you can store that scanned image in 1Password,
too.  (Or in an encrypted disk image or something)


-- 
Plain Bread alone for e-mail, thanks.  The rest gets trashed.



#1329

From Jeffrey Goldberg <nobody@goldmark.org>
Date 2011-04-16 00:40 -0500
Message-ID <90sodjFf69U1@mid.individual.net>
In reply to #1319

On 11-04-15 6:23 PM, BreadWithSpam@fractious.net wrote:
> "John Varela"<newlamps@verizon.net>  writes:

 >> [snip of obnoxious multifactor authentication system]

>> The first problem is, where am I going to keep this stupid card? And
>> the second question is, since I only log onto this web site once or
>> twice a year, after I save the card somewhere, how will I remember
>> where it is?
>
> Scan it in.  Actually, you can store that scanned image in 1Password,
> too.  (Or in an encrypted disk image or something)

Thanks, Bread! I was going to suggest the identical thing. Except that I 
would have had to add a disclosure that I work for the makers of 1Password.

You can add attachments to Logins in 1Password, and a scanned image of 
the card would be a perfect attachment for this particular one.

Cheers,

-j



-- 
Jeffrey Goldberg          http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid



#1368

From: "John Varela" <newlamps@verizon.net>
Date: 2011-04-17 02:54 +0000
Message-ID: <51W5y0sPNk52-pn2-0X73S3pxD19B@localhost>
In reply to: #1319

On Fri, 15 Apr 2011 23:23:19 UTC, BreadWithSpam@fractious.net wrote:

> "John Varela" <newlamps@verizon.net> writes:
> 
> > Entrance to Treasury Direct is beyond anal. Logging on requires use 
> > of an assigned account number plus a password that must contain a 
> > special character (#$%& etc.). OK so far, but next comes the piece 
> 
> 1Password.  (Or similar password management software).
> 
> > de resistance: They have sent me a plastic wallet-size card that is 
> > linked to my account. This card has an array of ten columns labeled 
> > A through J and five rows labeled 1 through 5. In each of the fifty 
> 
> > The first problem is, where am I going to keep this stupid card? And
> > the second question is, since I only log onto this web site once or 
> > twice a year, after I save the card somewhere, how will I remember 
> > where it is?
> 
> Scan it in.  Actually, you can store that scanned image in 1Password,
> too.  (Or in an encrypted disk image or something)

Great idea. Thank you. I do use 1Password.

After I do that, maybe I'll go across the river to the Treasury 
Building and burn the original card.

-- 
John Varela



#1330

From: pf@porkain'tkosher.oink (Paul Fuchs)
Date: 2011-04-15 22:53 -0700
Message-ID: <1jzsf74.2vomfw17zymtyN%pf@porkain'tkosher.oink>
In reply to: #1317

John Varela <newlamps@verizon.net> wrote:

> On Fri, 15 Apr 2011 20:05:27 UTC, nospam <nospam@nospam.invalid> 
> wrote:
> 
> > banks are incredibly anal about security,
> > timing out connections, asking the useless security questions, etc.
> 
> I have from time to time bought U.S. Treasury bills through their 
> web site, Treasury Direct. A few years ago they came up with a new 
> version of Treasury Direct and renamed the old version Legacy 
> Treasury Direct. I have continued to use Legacy Treasury Direct, but
> now they are phasing out Legacy Treasury Direct and I have been 
> forced to get an account with Treasury Direct.
> 
> Entrance to Legacy Treasury Direct was straightforward: email 
> address plus password.
> 
> Entrance to Treasury Direct is beyond anal. Logging on requires use 
> of an assigned account number plus a password that must contain a 
> special character (#$%& etc.). OK so far, but next comes the piece 
> de resistance: They have sent me a plastic wallet-size card that is 
> linked to my account. This card has an array of ten columns labeled 
> A through J and five rows labeled 1 through 5. In each of the fifty 
> cells is a letter or digit. After UID and password, the site demands
> entry of the contents of three cells, such as F2, C4, and I3. The 
> three cells will be different at each login, of course.
> 
> The first problem is, where am I going to keep this stupid card? And
> the second question is, since I only log onto this web site once or 
> twice a year, after I save the card somewhere, how will I remember 
> where it is?
> 
> Let's hope this practice with the cards doesn't become general. The 
> card itself has NO identifying label except a serial number and 
> accompanying bar code. If I had a half-dozen of these, how would I 
> know which was which?

For me, the more "anal," the better.  I would rather spend a few extra
minutes logging on a few times a year, than lose most of my savings to a
cyber thief.  I think that their matrix card was a very good idea.  I
also like their set-up.  You can get an account using your existing bank
with no hassle, but to get additional banks signed up corresponding to
your account requires a personal visit to that bank, and a sign-off with
the bank manager and notarization.  So even if a scumbag steals all your
security info, he would still have a really hard time getting your money
out.  The worst he could probably do is just vandalize the account by
putting funds where you don't want them.

-- 
During times of universal deceit, telling the truth 
becomes a revolutionary act.
George Orwell
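
The matrix card login quoted in the post above, sketched as an added example (not part of the thread and not Treasury Direct's code). It assumes each of the 50 cells holds one of 36 uniformly chosen symbols (A-Z, 0-9); all function names are hypothetical.

```python
import hmac
import math
import secrets
import string

COLUMNS = "ABCDEFGHIJ"   # ten columns, as described in the post
ROWS = "12345"           # five rows
ALPHABET = string.ascii_uppercase + string.digits  # assumption: 36 uniform symbols
CELLS = [c + r for c in COLUMNS for r in ROWS]     # 50 cell names such as "F2"
_rng = secrets.SystemRandom()

def generate_card():
    """Issue a card: one random symbol per cell."""
    return {cell: secrets.choice(ALPHABET) for cell in CELLS}

def issue_challenge(k=3):
    """Pick k distinct cells for this login."""
    return _rng.sample(CELLS, k)

def verify(card, challenge, response):
    """Compare the reply with the card in constant time, ignoring case."""
    expected = "".join(card[cell] for cell in challenge)
    given = "".join(response).upper()
    return hmac.compare_digest(expected.encode(), given.encode())

def blind_guess_probability(k=3):
    """Chance of passing the card step with no knowledge of the card."""
    return (1 / len(ALPHABET)) ** k

def expected_cells_exposed(logins, k=3):
    """Expected number of distinct cells revealed to someone who saw `logins` logins."""
    n = len(CELLS)
    return n * (1 - (1 - k / n) ** logins)

def challenge_covered_probability(known_cells, k=3):
    """Chance that a fresh challenge uses only cells already observed."""
    return math.comb(known_cells, k) / math.comb(len(CELLS), k)

if __name__ == "__main__":
    card = generate_card()
    challenge = issue_challenge()
    print(challenge, verify(card, challenge, [card[c] for c in challenge]))
    print(expected_cells_exposed(10), challenge_covered_probability(25))
```

Under these assumptions a blind guess succeeds once in 46,656 tries, but ten observed logins reveal about 23 cells on average, and with 25 known cells roughly 12% of fresh challenges are fully covered. The card protects against a stolen password far better than against a compromised machine that records every login.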



#1336

From: Lewis <g.kreme@gmail.com>
Date: 2011-04-16 10:23 +0000
Message-ID: <743479118324641768.880489g.kreme-gmail.com@news.eternal-september.org>
In reply to: #1317

"John Varela" <newlamps@verizon.net> wrote:
> On Fri, 15 Apr 2011 20:05:27 UTC, nospam <nospam@nospam.invalid> 
> wrote:
> 
>> banks are incredibly anal about security,
>> timing out connections, asking the useless security questions, etc.
> 
> I have from time to time bought U.S. Treasury bills through their 
> web site, Treasury Direct. A few years ago they came up with a new 
> version of Treasury Direct and renamed the old version Legacy 
> Treasury Direct. I have continued to use Legacy Treasury Direct, but
> now they are phasing out Legacy Treasury Direct and I have been 
> forced to get an account with Treasury Direct.
> 
> Entrance to Legacy Treasury Direct was straightforward: email 
> address plus password.
> 
> Entrance to Treasury Direct is beyond anal. Logging on requires use 
> of an assigned account number plus a password that must contain a 
> special character (#$%& etc.). OK so far, but next comes the piece 
> de resistance: They have sent me a plastic wallet-size card that is 
> linked to my account. This card has an array of ten columns labeled 
> A through J and five rows labeled 1 through 5. In each of the fifty 
> cells is a letter or digit. After UID and password, the site demands
> entry of the contents of three cells, such as F2, C4, and I3. The 
> three cells will be different at each login, of course.
> 
> The first problem is, where am I going to keep this stupid card? And
> the second question is, since I only log onto this web site once or 
> twice a year, after I save the card somewhere, how will I remember 
> where it is?

I'd type the whole damn card into a notes field in 1Password. 

> Let's hope this practice with the cards doesn't become general. The 
> card itself has NO identifying label except a serial number and 
> accompanying bar code. If I had a half-dozen of these, how would I 
> know which was which?

Sharpie?

-- 
this is not a signture



#1338

From: Erilar <drache@chibardun.netinvalid>
Date: 2011-04-16 12:45 +0000
Message-ID: <ioc30c$563$1@dont-email.me>
In reply to: #1336

Additional question -- related:

As a dyed-in-the-wool Mac addict of many years' standing, this one hurts.

Little non-Mac computers may be within her financial range, and there's a
Best Buy "deal" of a little 10" Samsung plus a decent printer for less than
the price of an iPad like mine, which I can't print from (and she would
need a printer for hers).  It would let her buy it "live" if I could
convince her to do something like this, and there is a local computer
service that deals with M$ stuff.

So how does one set up virus protection on something like that for the
unwary?



#1344

From: nospam@see.signature (Richard Maine)
Date: 2011-04-16 08:40 -0700
Message-ID: <1jzt5jp.1yfz0rzzdyp4uN%nospam@see.signature>
In reply to: #1338

Erilar <drache@chibardun.netinvalid> wrote:

> So how does one set up virus protection on something like that for the
> unwary?

Can't be done. Anyway not well enough for the truly computer illiterate
for something as important as banking. If it can be done for her, then
she isn't nearly as computer illiterate as your first post implied, as I
know people in worse shape. As I mentioned before, even trying just
encourages false hopes. Let's see.

1. Most importantly, many attacks target the human instead of any
weakness in the operating system. Protection in the OS won't solve that.
There are things that can help... a little, such as warnings about some
suspicious things. But in the end, human cluelessness can easily defeat
all such schemes. Humans will just click past the real warnings without
reading them, while getting taken in by the malware that disguises
itself as security messages.

2. That point about malware that disguises itself as messages is very
real and a major enough issue to merit a bullet of its own. Even
paranoia isn't enough to keep you safe because such paranoia is what it
feeds on. You just have to understand how to recognize the difference
between a real virus warning and a bogus one. Sometimes it can be
subtle. A truly computer illiterate person will *NOT* be able to do
this. Not even if you explicitly tell them; they will forget. And if you
write it down for them they will either lose the paper or fail to read
it at the right times. I'm not making this up. If you think I am, then
you obviously have not worked with the truly computer illiterate. You
described her as "about as computer-illiterate as you can imagine".
Perhaps you majorly underestimate not only my imagination, but even my
direct experience with some people.

3. Virus protection isn't something you can just set up and forget
about. It needs maintenance, if only annual renewals.

4. Heck, I've gotten paper mail that is "suspicious". A virus protector
isn't going to help against that. I have a piece right now. It alleges
to be for a class action suit against Chase. Looks very much like such
things really do; I've seen plenty. The class action suit is quite
plausible, including the usual "ordinary people get peanuts while the
lawyers get tens of millions of dollars or more." It might even be real;
I truly can't tell for sure. But the information that the web site wants
to register you as a member of the class sounds an awful lot like stuff
that could be used for identity theft.

5. True viruses are a small minority of the actual problems. Of course,
so-called virus protectors do catch things other than viruses. The term
"virus" seems to have been corrupted in the common vernacular to mean
"pretty much anything bad."

6. Etc.

-- 
Richard Maine                    | Good judgment comes from experience;
email: last name at domain . net | experience comes from bad judgment.
domain: summertriangle           |  -- Mark Twain



#1348

From: Jeffrey Goldberg <nobody@goldmark.org>
Date: 2011-04-16 11:10 -0500
Message-ID: <90ttb9Fl30U1@mid.individual.net>
In reply to: #1344

On 11-04-16 10:40 AM, Richard Maine wrote:

> 1. Most importantly, many attacks target the human instead of any
> weakness in the operating system.

In this case, she looks like a ready made victim of scareware ("Your 
computer is infect with a virus. Run this tool NOW to clean it").

People who are "overly cautious" but not very sophisticated are 
sometimes the easiest to fool.  A relative of mine falls into this 
category. She panics at anything suspicious and can easily do the wrong 
thing in that panic.

I think the best solution for the friend isn't going to come from 
computer technology, but from modern pharmacology. Look at treatments 
for anxiety disorders.

Cheers,

-j

-- 
Jeffrey Goldberg          http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid



#1351

From: nospam@see.signature (Richard Maine)
Date: 2011-04-16 10:21 -0700
Message-ID: <1jztb98.18sg62a1kp46pcN%nospam@see.signature>
In reply to: #1348

Jeffrey Goldberg <nobody@goldmark.org> wrote:

> On 11-04-16 10:40 AM, Richard Maine wrote:
> 
> > 1. Most importantly, many attacks target the human instead of any
> > weakness in the operating system.
> 
> In this case, she looks like a ready made victim of scareware ("Your 
> computer is infect with a virus. Run this tool NOW to clean it").

Absolutely. That's exactly the kind of thing I was referring to when I
talked about malware that feeds on paranoia.

And (just to avoid making a separate post), I completely agree with
Fred's point that something will go wrong and it will be your fault.
Been there. It's always your fault. Even if it was something you told
her to avoid.

-- 
Richard Maine                    | Good judgment comes from experience;
email: last name at domain . net | experience comes from bad judgment.
domain: summertriangle           |  -- Mark Twain



#1360

From: Walter Bushell <proto@panix.com>
Date: 2011-04-16 17:19 -0400
Message-ID: <proto-7374AB.17194316042011@news.panix.com>
In reply to: #1351

In article <1jztb98.18sg62a1kp46pcN%nospam@see.signature>,
 nospam@see.signature (Richard Maine) wrote:

> Jeffrey Goldberg <nobody@goldmark.org> wrote:
> 
> > On 11-04-16 10:40 AM, Richard Maine wrote:
> > 
> > > 1. Most importantly, many attacks target the human instead of any
> > > weakness in the operating system.
> > 
> > In this case, she looks like a ready made victim of scareware ("Your 
> > computer is infect with a virus. Run this tool NOW to clean it").
> 
> Absolutely. That's exactly the kind of thing I was referring to when I
> talked about malware that feeds on paranoia.
> 
> And (just to avoid making a separate post), I completely agree with
> Fred's point that something will go wrong and it will be your fault.
> Been there. It's always your fault. Even if it was something you told
> her to avoid.

Hey, maybe then she will stop talking to their free consultant.

-- 
The Chinese pretend their goods are good and we pretend our money 
is good, or is it the reverse?



#1359

From: Walter Bushell <proto@panix.com>
Date: 2011-04-16 17:16 -0400
Message-ID: <proto-1F400D.17165016042011@news.panix.com>
In reply to: #1344

In article <1jzt5jp.1yfz0rzzdyp4uN%nospam@see.signature>,
 nospam@see.signature (Richard Maine) wrote:

> 1. Most importantly, many attacks target the human instead of any
> weakness in the operating system. Protection in the OS won't solve that.
> There are things that can help... a little, such as warnings about some
> suspicious things. But in the end, human cluelessness can easily defeat
> all such schemes. Humans will just click past the real warnings without
> reading them, while getting taken in by the malware that disguises
> itself as security messages.

Ah yes. Beware of geeks bearing gifs.

-- 
The Chinese pretend their goods are good and we pretend our money 
is good, or is it the reverse?
